Beng Hacks: March 2005

Wednesday, March 16, 2005

PHP/phpBB vulnerability still exists

Now that I'm on hols I have some free time so I thot I'd try out the neverevernosanity exploit which attacked phpBB forums in Nov last year...

Well, checking with Google, which was used in the original attack, u can't use Google anymore. Google is now blocking any attempts to use it to find phpBB boards. Luckily for me, I could still use MSN Search. So using it I found a few phpBB sites, some of which were running really old versions like 2.0.4 and 2.0.6, by far the most common versions out there.

Yep, the exploit still works! I got my hands on the source code and made my own mod to the code and tried it out on some sites... here's some evidence:



Of coz I purposely made this screenshot to hide the actual host's name and other details, but the image clearly shows that I had executed a "ls -al" command on the server. If I wanted to, I could have displayed the contents of config.php or the server's /etc/passwd file. If u have some knowledge of php u could actually execute php code on the server, eg to place a backdoor script or insert trojan code into the database.

Combatting hackers needs a combination of common sense and vigilance. Without vigilance, u're just leaving a window to ur house open. In the end u get wat u deserve.

Monday, March 14, 2005

IT Show and Blue-Hacking

Ok, it's over. Who bought what? Frankly it's quite funny how Singapore has so many IT shows per year, claiming discounts and low prices, when actually the real low prices can be had days later after the show at Sim Lim Square, from the very same people who purport to offer low bargain prices at these IT shows.

I myself did want to get a look at Sony's PlayStation Portable (PSP) but for the life of me I couldn't find it. Trinity told me that the local distro tried to bring it in but could only secure the Nintendo DS (which we didn't find either). The PSP's really cool and is now the must-have gadget of 2005.

Speaking of mobile gadgets, did u hear tat Paris Hilton's mobile got blue-hacked (a term coined for BlueTooth hacking)? Me thinks Ms Hilton's a marked lady. More porn videos pls!

Blue-hacking seems to be a slowly building undercurrent but a possible riptide. To date I think there are 2 known BlueTooth viruses in the wild. The mobile industry is now doing what the PC industry did 5 yrs ago, throwing out feature-packed products without security designed into these features: 3G, BlueTooth, SD-WiFi, etc. The PC industry learnt it the hard way and is doing things properly right now. For Bill Gates, it's security first. Will the mobile industry need to face its first global meltdown before learning its much-needed lesson?

Me thinks yes.

Tuesday, March 01, 2005

Blogspot vulnerable

I received word recently that Blogspot was used to deliver malicious code onto unsuspecting victims' PCs.

Seems some smart folks were able to insert (most likely) shellcode onto their blogspot websites. Then these same smart people will direct stupid people to their websites and get them infected by the shellcode trojans.

Pretty smart if u ask me, but it's an old trick. Set up a website, put shit on it, direct people to it. Wham bam thank you mam. Tricks used before include phishing, modifying mouseover text and hacking forum output. This is yet another example of the evolution of this strategy.

In the end, practice safe clicking damn you!!